Bug 206428 - CVE-2006-4340 Various Firefox security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568 CVE-2006-4569 CVE-2006-4571)
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: firefox
All Linux
medium Severity medium
Assigned To: Christopher Aillon
: Security
Reported: 2006-09-14 07:49 EDT by Mark J. Cox
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHSA-2006-0675
Doc Type: Bug Fix
Last Closed: 2006-09-15 02:38:41 EDT
External Trackers
Tracker: Red Hat Product Errata; ID: RHSA-2006:0675; Priority: normal; Status: SHIPPED_LIVE; Summary: Critical: firefox security update; Last Updated: 2006-09-15 00:00:00 EDT
Description Mark J. Cox 2006-09-14 07:49:24 EDT
** MFSA-2006-57 **

        Two flaws were found in the way Firefox processed certain
        regular expressions.  A malicious web page could crash the
        browser or possibly execute arbitrary code as the user running
        Firefox.  (CVE-2006-4565, CVE-2006-4566)

        CVE-2006-4565 https://bugzilla.mozilla.org/show_bug.cgi?id=346090
        CVE-2006-4566 https://bugzilla.mozilla.org/show_bug.cgi?id=346794

        ** MFSA-2006-58 **

        A flaw was found in the Firefox auto-update verification
        system.  An attacker who has the ability to spoof a victim's
        DNS could get Firefox to download and install malicious code.
        In order to exploit this issue an attacker would also need to
        get a victim to previously accept an unverifiable certificate.
        (CVE-2006-4567)

        CVE-2006-4567 https://bugzilla.mozilla.org/show_bug.cgi?id=340198

        ** MFSA-2006-59 **

        A flaw was found in the handling of JavaScript timed events.
        A malicious web page could crash the browser or possibly
        execute arbitrary code as the user running
        Firefox. (CVE-2006-4253)


        ** MFSA-2006-60 **

        Daniel Bleichenbacher recently described an implementation
        error in RSA signature verification.  For RSA keys with
        exponent 3 it is possible for an attacker to forge a signature
        that would be incorrectly verified by the NSS library.
        Firefox as shipped trusts several root Certificate Authorities
        that use exponent 3.  An attacker could have created a
        carefully crafted SSL certificate which would be incorrectly trusted
        when their site was visited by a victim. (CVE-2006-4340)


        ** MFSA-2006-61 **

        Firefox did not properly prevent a frame in one domain from
        injecting content into a sub-frame that belongs to another
        domain, which facilitates website spoofing and other
        attacks.  (CVE-2006-4568)



        ** MFSA-2006-62 **

        Firefox did not load manually opened, blocked popups in the
        right domain context, which could lead to cross-site scripting
        attacks.  In order to exploit this issue an attacker would
        need to find a site which would frame their malicious page and
        convince the user to manually open a blocked popup.


        ** MFSA-2006-64 **

        A number of flaws were found in Firefox.  A malicious web page
        could crash the browser or possibly execute arbitrary code as
        the user running Firefox.  (CVE-2006-4571)

        Affects: FF SM
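
The general class of verification error referred to under MFSA-2006-60, as an added example that is not part of this bug report and is not NSS code: a PKCS#1 v1.5 check that parses the padding and stops after the hash, beside one that rebuilds the whole expected block and compares it. SHA-256, the 256-byte block size and all function names are assumptions of the example; the functions take the already-recovered encoded block, so no RSA arithmetic is involved.

```python
import hashlib
import hmac

# ASN.1 DigestInfo header for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(digest: bytes, em_len: int) -> bytes:
    """Build the one valid encoded block: 00 01 FF..FF 00 || DigestInfo."""
    t = SHA256_PREFIX + digest
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def lenient_check(em: bytes, digest: bytes) -> bool:
    """Flawed pattern: walk the padding, read the hash, ignore what follows."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = em[i + 1 : i + 1 + len(SHA256_PREFIX) + len(digest)]
    return t == SHA256_PREFIX + digest  # trailing bytes are never inspected

def strict_check(em: bytes, digest: bytes) -> bool:
    """Hardened pattern: rebuild the expected block and compare all of it."""
    try:
        expected = emsa_pkcs1_v15(digest, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def demo() -> dict:
    em_len = 256  # block size for a 2048-bit modulus (assumed)
    digest = hashlib.sha256(b"constructed sample message").digest()
    good = emsa_pkcs1_v15(digest, em_len)
    # Constructed malformed block for the regression check: short padding,
    # hash not right-justified, remainder filled with arbitrary bytes.
    head = b"\x00\x01\xff\x00" + SHA256_PREFIX + digest
    bad = head + b"\xaa" * (em_len - len(head))
    return {
        "good": (lenient_check(good, digest), strict_check(good, digest)),
        "malformed": (lenient_check(bad, digest), strict_check(bad, digest)),
    }

if __name__ == "__main__":
    for name, (lenient, strict) in demo().items():
        print(f"{name:10s} lenient={lenient} strict={strict}")
```

Comparing against the fully reconstructed block leaves no bytes outside the comparison, which is why the strict form rejects the malformed input that the parsing form accepts.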
Comment 2 Mark J. Cox 2006-09-15 02:32:46 EDT
removing embargo; now public
Comment 3 Red Hat Bugzilla 2006-09-15 02:38:41 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

